Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
Waiting for verification...
←[31mChallenge failed for domain oac-inc.com←[0m
←[31mChallenge failed for domain swscenics.com←[0m
http-01 challenge for oac-inc.com
http-01 challenge for swscenics.com
Cleaning up challenges
←[31mSome challenges have failed.←[0m
←[1m
IMPORTANT NOTES:
←[0m - The following errors were reported by the server:
Domain: oac-inc.com
Type: unauthorized
Detail: Invalid response from
http://oac-inc.com/.well-known/acme-challenge/Hm_0f1vY3mbXgdhSeglBPTyr5TexGSK
xeMwioDiKPwA
[204.98.120.165]: "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0
Strict//EN\"
\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\r\n<html
xmlns=\"http"
Domain: swscenics.com
Type: unauthorized
Detail: Invalid response from
http://swscenics.com/.well-known/acme-challenge/28xSBdpHLNqwUCxi51KuVvSKAdiZF
-0-A_jSS_vlXRI
[204.98.120.165]: "<!DOCTYPE html>\r\n<html
lang=\"en-US\">\r\n<head id=\"Head\"><meta content=\"text/html;
charset=UTF-8\" http-equiv=\"Content-Type\" /><tit"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version):
IIS
The operating system my web server runs on is (include version):
Windows Server 2008 R2
My hosting provider, if applicable, is:
Self Hosted, DNS as well
I can login to a root shell on my machine (yes or no, or I don't know):
Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.11.0
My overall architecture is a single Windows 2008 server, running 2 VM's. One VM is the mail server, the other is the Web Server. They are all on the same IP with routing at the firewall by protocol
The web server is presently running the OAC-Inc.com site as an old school standard HTML site. The SWScenics.com site is running on a content management system, DotNetNuke. They are all running with Host Header bindings. The "Default" (by IP) site is running but empty.
The Mail server is an Exchange 2007 server.
I've been somewhat overwhelmed with all the info I've found on this and I haven't been able to sort it all out to my situation.
If you can reach the test.txt file using your browser but you can't reach the first one, create a web.config file at C:\www\.well-known\acme-challenge\web.config to allow extensionless files in IIS:
Note: Remember that path C:\www is just an example, you must use the ones used by your domains.
Hi Sahsanu,
This morning I tried your suggestion and failed from the outset. I went to my c:/wwwroot folder and tried to create a folder named ".well-known" and immediately got an error "You must provide a file name". I'm a Windows guy and was pretty sure you can't create a folder leading with a dot.
Would creating a directory call Well-Known and then hiding it be the same thing?
Jeff
I've always wanted to learn Linux but paying work keeps interring. sigh....
OK, most of that all worked. the Web.config didn't seem to work properly, but I was able to accomplish the same thing in IIS manager. I can reach both "test" and "Test.txt" both locally and remotely.
I reran certbot and it worked and created the certificate for our main site OAC-INC.com, However it did not work for the SWScenics.com domain. That one is running under a content management system so I believe I need to fool around with the folder pathing a little more.
I think I'm getting smarter with your help and beginning to figure this out.
Thanks
Jeff